Plash Sandboxed Process TIOCSTI ioctl() Privilege Escalation Vulnerability
Plash is a system for running GNU/Linux programs inside a sandbox so that each program receives only the minimum privileges it needs. Plash does not properly restrict sandboxed processes from inserting characters into a terminal file descriptor via the TIOCSTI ioctl; if a shell is running on that terminal, a malicious sandboxed process could execute arbitrary commands with the privileges of that shell. Plash 1.17 Temporary workaround: Proxy access to stdin/stdout/stderr by piping through cat: cat | pola-run ... 2>&1 | cat Vendor patch: Plash ----- The vendor has not yet released a patch or upgrade; we recommend that users of this software monitor the vendor's homepage for the latest version:...
Design/Logic Flaw
Plash permits sandboxed processes to open /dev/tty, which allows local users to escape sandbox restrictions and execute arbitrary commands by sending characters to a shell process on the same terminal via the TIOCSTI ioctl...
CVE-2007-1400
Plash allows sandboxed processes to open /dev/tty via TIOCSTI, enabling local users to escape sandbox restrictions and send characters to a shell process on the same terminal to execute arbitrary commands. This CVE (CVE-2007-1400) is documented with a local-privilege/escalation impact and does no...
CVE-2006-7098
The Debian GNU/Linux 033-FNOSETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl...
madwifi <= 0.9.2.1 WPA/RSN IE Remote Kernel Buffer Overflow Exploit
No description provided by source. / ---- madwifi WPA/RSN IE remote kernel buffer overflow ------ exploit code by: sgrakkyu at antifork.org -- 10/1/2007 CVE: 2006-6332 Laurent BUTTI, Jerome RAZNIEWSKI, Julien TINNES for wpa .... memcpybuf, se-sewpaie, se-sewpaie1 + 2 .... .... the function re-uses...
Madwifi 0.9.2.1 - WPA/RSN IE Remote Kernel Buffer Overflow
/ ---- madwifi WPA/RSN IE remote kernel buffer overflow ------ exploit code by: sgrakkyu antifork.org -- 10/1/2007 CVE: 2006-6332 Laurent BUTTI, Jerome RAZNIEWSKI, Julien TINNES for wpa .... memcpybuf, se-sewpaie, se-sewpaie1 + 2 .... .... the function re-uses args in the stack before returning so...
[Reversemode Advisory] TrendMicro Products - multiple privilege escalation vulnerabilities.
Trend Micro Products Multiple Local Privilege Escalation Vulnerabilities Discovered by: Rubén Santamarta [email protected] Affected products: Client / Server / Messaging Security for SMB – 3.5 PC-cillin Internet Security - 2007, Trend Micro AntiVirus – 2007 Trend Micro Anti-Spyware for SMB –...
Trend Micro Virus Scan Engine TMComm Local Privilege Escalation Vulnerability
The Trend Micro virus scan engine provides antivirus functionality for desktops, servers and gateways. The TmComm.sys driver bundled with Trend Micro's virus scan engine does not set secure permissions on the \.\TmComm DOS device interface and grants write access to Everyone. This allows locally logged-in users to reach, via IOCTL, functionality that should be accessible only to privileged users. In addition, the IOCTL handler of this DOS device interface does not validate the addresses passed to it, allowing arbitrary memory to be overwritten or arbitrary instructions to be executed in the kernel (RING 0) context. Trend Micro PC-cillin Internet Security 2007 Trend Micro Antivirus 2007 Trend Micro...
Linux kernel get_fdb_entries() integer overflow
Integer overflow in the getfdbentries function in net/bridge/brioctl.c in the Linux kernel before 2.6.18.4 allows local users to execute arbitrary code via a large maxnum value in an ioctl request...
Kaspersky Antivirus privilege escalation
Privilege escalation with KLIN and KLICK system drivers IOCTL...
Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation
The version of Kaspersky Anti-Virus installed on the remote host allows a local attacker to execute arbitrary code with kernel privileges by passing a specially crafted Irp structure to an IOCTL handler used by the KLIN and KLICK device drivers. By leveraging this flaw, a local attacker may be ab...
[Full-disclosure] [Madwifi] Madwifi SIOCGIWSCAN buffer overflow // France Telecom
Name: Madwifi SIOCGIWSCAN buffer overflow Vendor: http://www.madwifi.org Release date: December, 7th 2006 CVE ID: CVE-2006-6332 Authors: Laurent BUTTI, Jerome RAZNIEWSKI, Julien TINNES 1. Description There is a buffer overflow in the madwifi Atheros driver in some functions called by SIOCSIWSCAN...
Intel Network Adapter Driver Local Privilege Escalation Vulnerability
Intel Pro 100/1000 is a series of network adapters from Intel. A stack overflow vulnerability exists in all Intel network adapter drivers (NDIS miniport drivers); a local attacker could exploit it to elevate privileges on the system. Although the NDIS miniport driver sits at a low layer, non-privileged user-mode code can still communicate with the driver through the adapter statistics requests that NDIS is required to implement. If an attacker can send an IOCTLNDISQUERYSELECTEDSTATS 0x17000E request to \Device\adapterguid, NDIS.SYS will call...
FreeBSD-SA-06:25.kmem
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:25.kmem Security Advisory The FreeBSD Project Topic: Kernel memory disclosure in firewire4 Category: core Module: sysdev Announced: 2006-12-06 Credits: Rodrigo...
FireWire IOCTL integer overflow in different BSD-based Unix system
Negative IOCTL parameter value allows read access to kernel memory...
CVE-2006-5751
Integer overflow in the getfdbentries function in net/bridge/brioctl.c in the Linux kernel before 2.6.18.4 allows local users to execute arbitrary code via a large maxnum value in an ioctl request...